WebApp Sec: Re: Securing password between webserver & appserver.

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

Re: Securing password between webserver & appserver.

From: Chintan Oza <chintan.oza () gmail com>
Date: Mon, 7 Sep 2009 14:10:55 +0530

Dear Saqib,

Yes the webserver will be in the middle.

The password verification will be performed by the application server.

We just dont want the password to be available at the webserver where
the ssl communication ends.

Chintan

On Mon, Sep 7, 2009 at 1:10 PM, Ali, Saqib<docbook.xml () gmail com> wrote:

Chintan,

I am not sure if I understand your question. If you are using the
webserver as the middleware, the authentication credentials will have
to pass through it one way or the other.

Can you please provide more details as to what problem are you trying
to address?  Thanks

Saqib
http://kawphi.blogspot.com

By Date By Thread

Current thread:

Securing password between webserver & appserver. Chintan Oza (Sep 07)
- Re: Securing password between webserver & appserver. Nikhil Wagholikar (Sep 07)
- Re: Securing password between webserver & appserver. Ali, Saqib (Sep 07)
  - Re: Securing password between webserver & appserver. Chintan Oza (Sep 07)
    - Re: Securing password between webserver & appserver. Ali, Saqib (Sep 07)
- Re: Securing password between webserver & appserver. Robert Hajime Lanning (Sep 07)
- RE: Securing password between webserver & appserver. EXT-Adams, Randall E (Sep 07)
- Re: Securing password between webserver & appserver. arvind doraiswamy (Sep 07)
  - Re: Securing password between webserver & appserver. Chintan Oza (Sep 07)